Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Problem with preprocessing? #261

Open
jad-hamza opened this issue Oct 22, 2016 · 3 comments
Open

Problem with preprocessing? #261

jad-hamza opened this issue Oct 22, 2016 · 3 comments

Comments

@jad-hamza
Copy link 

import leon.lang._
import leon.proof._

object Preprocessing {

  def theorem(b: Boolean): Unit = {
    require (b)

    check(b)
    true

  } ensuring ( _ => true )

}

The check(b) fails. Is there an issue with preprocessing?

Removing ": Unit", "true" (at the end), or the ensuring clause make the verification go through.
@mantognini
Copy link
Contributor

I had a very brief look at it with --debug=trees and it appears that your code is understood as:

object Preprocessing$0 {
  def theorem$0(b$0 : Boolean): Unit =  {
    require(b$0)
    check$0(b$0)
    true
  } ensuring {
    (x$1$0 : Boolean) => true
  }
  () // <- Mind this part
}

and then the xlang desugaring phase will, mistakenly, keep only the check-part. I believe the issue is linked to ExprOps.preconditionOf and ExprOps.postconditionOf not handling blocks as the FunDef pre/postcondition are both None before xlang desugaring phase.

The question is, should those functions be fixed or should such program be explicitly rejected? (It could be argued that having return type of Boolean for a theorem is more intuitive.) Maybe @regb knows?

@regb
Copy link
Collaborator

regb commented Nov 30, 2016

Indeed the issue is that require/ensuring can be attached to any expression, and due to the Unit type and the final boolean expression, the parsed expression is a sequence of two operations:

  def theorem(b: Boolean): Unit =  {
    val tmp = {
      require(b)
      check(b)
      true
    } ensuring {
      (_ : Boolean) => true
    }
    ()
  }

And then for some reason, xlang extract the check function call without the require. That could be fixed, but then there are other issues in the solver itself, which does not seem to support require at arbitrary position in the tree.

In an ideal world we should be able to solve the solver, I don't see any issue with supporting require at any level of a function @colder @samarion @manoskouk ? But for now it's probably better to be careful and not write such functions.

@manoskouk
Copy link
Member

This seems like a typo to me (the return type should be Boolean), but on the subject itself:
Right now, require and ensuring are handled as pre- and postconditions of entire functions respectively. I think this is what they are meant to mean in Scala as well. If you need to state an assumption within the body of the function, one would use assume (resp. assert). Assert is already available, whereas assume is not. Introducing assume is of course possible but would be slightly complicated because we would need to check the assumption in all call sites. There are certainly a few benchmarks that could use it but it is not high in our priority list.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@regb @mantognini @jad-hamza @manoskouk